author | Peter Maydell <peter.maydell@linaro.org> | 2019-07-19 14:29:13 +0100 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2019-07-19 14:29:13 +0100 |
commit | e2b47666fe1544959c89bd3ed159e9e37cc9fc73 (patch) | |
tree | 37ec851963997cb1fcaf28d8552876596f7d4d69 | |
parent | c054147ecc8598df8781241925a04f1386766dfe (diff) | |
parent | b7cbb8741b40b7cd4de9ad6bdb69baae4d6dadcf (diff) |
Merge remote-tracking branch 'remotes/berrange/tags/misc-next-pull-request' into staging
Merge misc fixes
A collection of patches I have fixing crypto code and other pieces
without an assigned maintainer
* Fixes crypto function signatures to be compatible with
both old and new versions of nettle
* Fixes deprecation warnings on new nettle
* Fixes GPL license header typos
* Documents security implications of monitor usage
* Optimize linking of capstone to avoid it in tools
# gpg: Signature made Fri 19 Jul 2019 14:24:37 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/misc-next-pull-request:
crypto: Fix LGPL information in the file headers
doc: document that the monitor console is a privileged control interface
configure: only link capstone to emulation targets
crypto: fix function signatures for nettle 2.7 vs 3
crypto: switch to modern nettle AES APIs
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
56 files changed, 298 insertions, 96 deletions
diff --git a/Makefile.target b/Makefile.target index 85216cace8..933b27453a 100644 --- a/Makefile.target +++ b/Makefile.target @@ -120,6 +120,7 @@ obj-$(CONFIG_TCG) += fpu/softfloat.o obj-y += target/$(TARGET_BASE_ARCH)/ obj-y += disas.o obj-$(call notempty,$(TARGET_XML_FILES)) += gdbstub-xml.o +LIBS := $(libs_cpu) $(LIBS) ######################################################### # Linux user emulator target @@ -294,6 +294,7 @@ audio_drv_list="" block_drv_rw_whitelist="" block_drv_ro_whitelist="" host_cc="cc" +libs_cpu="" libs_softmmu="" libs_tools="" audio_pt_int="" @@ -5042,12 +5043,12 @@ case "$capstone" in else LIBCAPSTONE=libcapstone.a fi - LIBS="-L\$(BUILD_DIR)/capstone -lcapstone $LIBS" + libs_cpu="-L\$(BUILD_DIR)/capstone -lcapstone $libs_cpu" ;; system) QEMU_CFLAGS="$QEMU_CFLAGS $($pkg_config --cflags capstone)" - LIBS="$($pkg_config --libs capstone) $LIBS" + libs_cpu="$($pkg_config --libs capstone) $libs_cpu" ;; no) @@ -6537,6 +6538,7 @@ echo "qemu_helperdir=$libexecdir" >> $config_host_mak echo "qemu_localedir=$qemu_localedir" >> $config_host_mak echo "qemu_icondir=$qemu_icondir" >> $config_host_mak echo "qemu_desktopdir=$qemu_desktopdir" >> $config_host_mak +echo "libs_cpu=$libs_cpu" >> $config_host_mak echo "libs_softmmu=$libs_softmmu" >> $config_host_mak echo "GIT=$git" >> $config_host_mak echo "GIT_SUBMODULES=$git_submodules" >> $config_host_mak diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 5a69b3ce74..409ab50f20 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c 
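Review bot: The added `LIBS := $(libs_cpu) $(LIBS)` in Makefile.target has no comment saying what belongs in `libs_cpu` or why it is prepended here rather than folded into the host-wide `LIBS`. Going by the configure hunks that follow, `libs_cpu` now carries the capstone link flags so that they reach only the emulation targets; a line such as `# libs_cpu: libraries needed only by emulator binaries (e.g. capstone), kept out of the LIBS shared with tools` above the assignment would record that. The `:=` is required because a recursive `=` cannot reference `LIBS` on its own right-hand side, but it also expands `$(LIBS)` at this point. It is worth confirming that `LIBS` does not reference any variable that is only defined later in the file, since that would now expand empty.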
@@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/block-luks.h b/crypto/block-luks.h index befd8b2c56..7f094e7e96 100644 --- a/crypto/block-luks.h +++ b/crypto/block-luks.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c index cefb3b2a7b..4d7cf36a8f 100644 --- a/crypto/block-qcow.c +++ b/crypto/block-qcow.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/block-qcow.h b/crypto/block-qcow.h index 6988fb210b..340dcfe464 100644 --- a/crypto/block-qcow.h +++ b/crypto/block-qcow.h 
@@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/block.c b/crypto/block.c index d70d401f87..ee96759f7d 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 5438e822fd..71c59cb542 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c index d8c811fd33..bf8413e71a 100644 --- a/crypto/cipher-builtin.c +++ b/crypto/cipher-builtin.c 
@@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c index 10d75da75d..5cece9b244 100644 --- a/crypto/cipher-gcrypt.c +++ b/crypto/cipher-gcrypt.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c index 3848cb3b3a..d7411bb8ff 100644 --- a/crypto/cipher-nettle.c +++ b/crypto/cipher-nettle.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of 
@@ -42,29 +42,89 @@ typedef void * cipher_ctx_t; typedef unsigned cipher_length_t; #define cast5_set_key cast128_set_key + +#define aes128_ctx aes_ctx +#define aes192_ctx aes_ctx +#define aes256_ctx aes_ctx +#define aes128_set_encrypt_key(c, k) \ + aes_set_encrypt_key(c, 16, k) +#define aes192_set_encrypt_key(c, k) \ + aes_set_encrypt_key(c, 24, k) +#define aes256_set_encrypt_key(c, k) \ + aes_set_encrypt_key(c, 32, k) +#define aes128_set_decrypt_key(c, k) \ + aes_set_decrypt_key(c, 16, k) +#define aes192_set_decrypt_key(c, k) \ + aes_set_decrypt_key(c, 24, k) +#define aes256_set_decrypt_key(c, k) \ + aes_set_decrypt_key(c, 32, k) +#define aes128_encrypt aes_encrypt +#define aes192_encrypt aes_encrypt +#define aes256_encrypt aes_encrypt +#define aes128_decrypt aes_decrypt +#define aes192_decrypt aes_decrypt +#define aes256_decrypt aes_decrypt #else typedef nettle_cipher_func * QCryptoCipherNettleFuncNative; typedef const void * cipher_ctx_t; typedef size_t cipher_length_t; #endif -typedef struct QCryptoNettleAES { - struct aes_ctx enc; - struct aes_ctx dec; -} QCryptoNettleAES; +typedef struct QCryptoNettleAES128 { + struct aes128_ctx enc; + struct aes128_ctx dec; +} QCryptoNettleAES128; + +typedef struct QCryptoNettleAES192 { + struct aes192_ctx enc; + struct aes192_ctx dec; +} QCryptoNettleAES192; + +typedef struct QCryptoNettleAES256 { + struct aes256_ctx enc; + struct aes256_ctx dec; +} QCryptoNettleAES256; + +static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES128 *aesctx = ctx; + aes128_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES128 *aesctx = ctx; + aes128_decrypt(&aesctx->dec, length, dst, src); +} + +static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const 
QCryptoNettleAES192 *aesctx = ctx; + aes192_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES192 *aesctx = ctx; + aes192_decrypt(&aesctx->dec, length, dst, src); +} -static void aes_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, +static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_encrypt(&aesctx->enc, length, dst, src); + const QCryptoNettleAES256 *aesctx = ctx; + aes256_encrypt(&aesctx->enc, length, dst, src); } -static void aes_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, +static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_decrypt(&aesctx->dec, length, dst, src); + const QCryptoNettleAES256 *aesctx = ctx; + aes256_decrypt(&aesctx->dec, length, dst, src); } static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, 
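Review bot: The run of compat defines at the top of this hunk (`#define aes128_ctx aes_ctx` through `#define aes256_decrypt aes_decrypt`) needs a comment saying that it maps the nettle 3 per-key-size AES names onto the older variable-key-length API. The `#if` that selects this branch sits above the hunk. Something like `/* nettle < 3 lacks the aesNNN_* API: alias it to aes_*, passing the key size in bytes explicitly */` before the first define would do. On that branch all three `QCryptoNettleAESnnn` structs hold the same `struct aes_ctx`, so a mix-up between key sizes in the new helpers would presumably only surface on nettle 3 builds; both configurations should be covered by the cipher tests.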
@@ -127,18 +187,46 @@ static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, twofish_decrypt(ctx, length, dst, src); } -static void aes_encrypt_wrapper(const void *ctx, size_t length, +static void aes128_encrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES128 *aesctx = ctx; + aes128_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes128_decrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_encrypt(&aesctx->enc, length, dst, src); + const QCryptoNettleAES128 *aesctx = ctx; + aes128_decrypt(&aesctx->dec, length, dst, src); } -static void aes_decrypt_wrapper(const void *ctx, size_t length, +static void aes192_encrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_decrypt(&aesctx->dec, length, dst, src); + const QCryptoNettleAES192 *aesctx = ctx; + aes192_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes192_decrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES192 *aesctx = ctx; + aes192_decrypt(&aesctx->dec, length, dst, src); +} + +static void aes256_encrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES256 *aesctx = ctx; + aes256_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes256_decrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES256 *aesctx = ctx; + aes256_decrypt(&aesctx->dec, length, dst, src); } static void des_encrypt_wrapper(const void *ctx, size_t length, 
@@ -319,34 +407,94 @@ static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, break; case QCRYPTO_CIPHER_ALG_AES_128: + ctx->ctx = g_new0(QCryptoNettleAES128, 1); + + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1); + + nkey /= 2; + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, + key); + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, + key); + + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> + enc, key + nkey); + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> + dec, key + nkey); + } else { + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, + key); + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, + key); + } + + ctx->alg_encrypt_native = aes128_encrypt_native; + ctx->alg_decrypt_native = aes128_decrypt_native; + ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper; + ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper; + + ctx->blocksize = AES_BLOCK_SIZE; + break; + case QCRYPTO_CIPHER_ALG_AES_192: + ctx->ctx = g_new0(QCryptoNettleAES192, 1); + + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1); + + nkey /= 2; + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, + key); + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, + key); + + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> + enc, key + nkey); + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> + dec, key + nkey); + } else { + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, + key); + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, + key); + } + + ctx->alg_encrypt_native = aes192_encrypt_native; + ctx->alg_decrypt_native = aes192_decrypt_native; + ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper; + ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper; + + ctx->blocksize = AES_BLOCK_SIZE; + break; + case 
QCRYPTO_CIPHER_ALG_AES_256: - ctx->ctx = g_new0(QCryptoNettleAES, 1); + ctx->ctx = g_new0(QCryptoNettleAES256, 1); if (mode == QCRYPTO_CIPHER_MODE_XTS) { - ctx->ctx_tweak = g_new0(QCryptoNettleAES, 1); + ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1); nkey /= 2; - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc, - nkey, key); - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec, - nkey, key); - - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->enc, - nkey, key + nkey); - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->dec, - nkey, key + nkey); + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, + key); + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, + key); + + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> + enc, key + nkey); + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> + dec, key + nkey); } else { - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc, - nkey, key); - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec, - nkey, key); + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, + key); + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, + key); } - ctx->alg_encrypt_native = aes_encrypt_native; - ctx->alg_decrypt_native = aes_decrypt_native; - ctx->alg_encrypt_wrapper = aes_encrypt_wrapper; - ctx->alg_decrypt_wrapper = aes_decrypt_wrapper; + ctx->alg_encrypt_native = aes256_encrypt_native; + ctx->alg_decrypt_native = aes256_decrypt_native; + ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper; + ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper; ctx->blocksize = AES_BLOCK_SIZE; break; diff --git a/crypto/cipher.c b/crypto/cipher.c index b3af57961b..e5adb56271 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c 
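Review bot: With the fixed-size `aes128_set_encrypt_key(ctx, key)` family the key length is no longer handed to nettle, so each case now reads 16, 24 or 32 bytes from `key` (and again from `key + nkey` for XTS) regardless of what `nkey` actually is. The hunk does not show where `nkey` is checked against `alg` and `mode`; qcrypto_cipher_ctx_new starts above it. Confirm that this validation runs before the switch, because otherwise a short key buffer would be over-read. Making the dependency explicit would help, for example `assert(nkey == 16);` after the if/else in the AES-128 case (24 and 32 in the other two), or at least a comment `/* nkey already validated for alg/mode; set_key reads a fixed 16 bytes */`.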
@@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c index 972beaa0f9..829e48258d 100644 --- a/crypto/hash-gcrypt.c +++ b/crypto/hash-gcrypt.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/hash-glib.c b/crypto/hash-glib.c index a0096c7c47..82de9db705 100644 --- a/crypto/hash-glib.c +++ b/crypto/hash-glib.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c index 96f186f442..2a6ee7c7d5 100644 --- a/crypto/hash-nettle.c +++ b/crypto/hash-nettle.c 
@@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -26,12 +26,18 @@ #include <nettle/sha.h> #include <nettle/ripemd160.h> +#if CONFIG_NETTLE_VERSION_MAJOR < 3 +typedef unsigned int hash_length_t; +#else +typedef size_t hash_length_t; +#endif + typedef void (*qcrypto_nettle_init)(void *ctx); typedef void (*qcrypto_nettle_write)(void *ctx, - unsigned int len, + hash_length_t len, const uint8_t *buf); typedef void (*qcrypto_nettle_result)(void *ctx, - unsigned int len, + hash_length_t len, uint8_t *buf); union qcrypto_hash_ctx { @@ -112,7 +118,7 @@ qcrypto_nettle_hash_bytesv(QCryptoHashAlgorithm alg, size_t *resultlen, Error **errp) { - int i; + size_t i; union qcrypto_hash_ctx ctx; if (!qcrypto_hash_supports(alg)) { diff --git a/crypto/hash.c b/crypto/hash.c index b97323cf90..b0f8228bdc 100644 --- a/crypto/hash.c +++ b/crypto/hash.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/hmac-nettle.c b/crypto/hmac-nettle.c index ec2d61bdde..1152b741fd 100644 --- a/crypto/hmac-nettle.c +++ b/crypto/hmac-nettle.c 
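Review bot: `#if CONFIG_NETTLE_VERSION_MAJOR < 3` in crypto/hash-nettle.c falls into the `unsigned int` branch whenever the macro is undefined, because the preprocessor evaluates an unknown name as 0. A build that loses the definition would then pair `unsigned int` with nettle 3's `size_t` prototypes, which is the function-pointer mismatch this change is meant to remove. Unless the build already warns on undefined macros in `#if` (not visible here), add a guard ahead of the typedef, e.g. `#ifndef CONFIG_NETTLE_VERSION_MAJOR` / `#error "CONFIG_NETTLE_VERSION_MAJOR not defined"` / `#endif`. The same switch is repeated for `hmac_length_t` in crypto/hmac-nettle.c, and cipher-nettle.c has its own `cipher_length_t`, so a single shared definition would keep the three from drifting apart.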
@@ -18,14 +18,23 @@ #include "hmacpriv.h" #include <nettle/hmac.h> +#if CONFIG_NETTLE_VERSION_MAJOR < 3 +typedef unsigned int hmac_length_t; +#else +typedef size_t hmac_length_t; +#endif + typedef void (*qcrypto_nettle_hmac_setkey)(void *ctx, - size_t key_length, const uint8_t *key); + hmac_length_t key_length, + const uint8_t *key); typedef void (*qcrypto_nettle_hmac_update)(void *ctx, - size_t length, const uint8_t *data); + hmac_length_t length, + const uint8_t *data); typedef void (*qcrypto_nettle_hmac_digest)(void *ctx, - size_t length, uint8_t *digest); + hmac_length_t length, + uint8_t *digest); typedef struct QCryptoHmacNettle QCryptoHmacNettle; struct QCryptoHmacNettle { @@ -135,7 +144,7 @@ qcrypto_nettle_hmac_bytesv(QCryptoHmac *hmac, Error **errp) { QCryptoHmacNettle *ctx; - int i; + size_t i; ctx = (QCryptoHmacNettle *)hmac->opaque; diff --git a/crypto/init.c b/crypto/init.c index c30156405a..b305381ec5 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-essiv.c b/crypto/ivgen-essiv.c index 43e258c6f7..3d5a188795 100644 --- a/crypto/ivgen-essiv.c +++ b/crypto/ivgen-essiv.c 
@@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-essiv.h b/crypto/ivgen-essiv.h index 6c35c0b5ab..d6edecf181 100644 --- a/crypto/ivgen-essiv.h +++ b/crypto/ivgen-essiv.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-plain.c b/crypto/ivgen-plain.c index 06f4145fe5..81af198c49 100644 --- a/crypto/ivgen-plain.c +++ b/crypto/ivgen-plain.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-plain.h b/crypto/ivgen-plain.h index 395501f693..43db898809 100644 --- a/crypto/ivgen-plain.h +++ b/crypto/ivgen-plain.h 
@@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-plain64.c b/crypto/ivgen-plain64.c index fbb7724b20..b377036c19 100644 --- a/crypto/ivgen-plain64.c +++ b/crypto/ivgen-plain64.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-plain64.h b/crypto/ivgen-plain64.h index 0a20fd1fd8..f14100947d 100644 --- a/crypto/ivgen-plain64.h +++ b/crypto/ivgen-plain64.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen.c b/crypto/ivgen.c index 6a2b3ad01e..12822f8519 100644 --- a/crypto/ivgen.c +++ b/crypto/ivgen.c 
@@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgenpriv.h b/crypto/ivgenpriv.h index 28e5c67383..cecdbedfde 100644 --- a/crypto/ivgenpriv.h +++ b/crypto/ivgenpriv.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/pbkdf-gcrypt.c b/crypto/pbkdf-gcrypt.c index 54ca0d9c75..a8d8e64f4d 100644 --- a/crypto/pbkdf-gcrypt.c +++ b/crypto/pbkdf-gcrypt.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/pbkdf-nettle.c b/crypto/pbkdf-nettle.c index 212b3e816b..d6293c25a1 100644 --- a/crypto/pbkdf-nettle.c +++ b/crypto/pbkdf-nettle.c 
@@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/pbkdf-stub.c b/crypto/pbkdf-stub.c index a15044da42..9c4622e424 100644 --- a/crypto/pbkdf-stub.c +++ b/crypto/pbkdf-stub.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c index f22e71d183..b7c7c4a59b 100644 --- a/crypto/pbkdf.c +++ b/crypto/pbkdf.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/random-gcrypt.c b/crypto/random-gcrypt.c index 7aea4ac81f..8306f16b64 100644 --- a/crypto/random-gcrypt.c +++ b/crypto/random-gcrypt.c 
@@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/random-gnutls.c b/crypto/random-gnutls.c index ed6c9ca12f..96af91aee4 100644 --- a/crypto/random-gnutls.c +++ b/crypto/random-gnutls.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/random-platform.c b/crypto/random-platform.c index 66624106fe..f92f96987d 100644 --- a/crypto/random-platform.c +++ b/crypto/random-platform.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/secret.c b/crypto/secret.c index 30294b3229..a75d50ae0c 100644 --- a/crypto/secret.c +++ b/crypto/secret.c 
@@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index 50ecb704ee..4e657b850c 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index 3024b17cfd..d2adc7c131 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/tlscredspriv.h b/crypto/tlscredspriv.h index 13e9b6c0b2..39f1a91c41 100644 --- a/crypto/tlscredspriv.h +++ b/crypto/tlscredspriv.h 
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c
index 9c53c6c7b1..4b6cf636ce 100644
--- a/crypto/tlscredspsk.c
+++ b/crypto/tlscredspsk.c
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index 5247dd3b18..56dcef3673 100644
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index c3a920dfe8..33203e8ca7 100644
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/crypto/xts.c b/crypto/xts.c
index 4277ad40de..d4a49fdb70 100644
--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/docs/security.texi b/docs/security.texi
index 927764f1e6..0d6b30edfc 100644
--- a/docs/security.texi
+++ b/docs/security.texi
@@ -129,3 +129,39 @@ those resources that were granted to it. system calls that are not needed by QEMU, thereby reducing the host kernel attack surface. @end itemize + +@section Sensitive configurations + +There are aspects of QEMU that can have security implications which users & +management applications must be aware of. + +@subsection Monitor console (QMP and HMP) + +The monitor console (whether used with QMP or HMP) provides an interface +to dynamically control many aspects of QEMU's runtime operation. Many of the +commands exposed will instruct QEMU to access content on the host file system +and/or trigger spawning of external processes. + +For example, the @code{migrate} command allows for the spawning of arbitrary +processes for the purpose of tunnelling the migration data stream. The +@code{blockdev-add} command instructs QEMU to open arbitrary files, exposing +their content to the guest as a virtual disk. + +Unless QEMU is otherwise confined using technologies such as SELinux, AppArmor, +or Linux namespaces, the monitor console should be considered to have privileges +equivalent to those of the user account QEMU is running under. + +It is further important to consider the security of the character device backend +over which the monitor console is exposed. It needs to have protection against +malicious third parties which might try to make unauthorized connections, or +perform man-in-the-middle attacks. Many of the character device backends do not +satisfy this requirement and so must not be used for the monitor console. + +The general recommendation is that the monitor console should be exposed over +a UNIX domain socket backend to the local host only. Use of the TCP based +character device backend is inappropriate unless configured to use both TLS +encryption and authorization control policy on client connections. 
+
+In summary, the monitor console is considered a privileged control interface to
+QEMU and as such should only be made accessible to a trusted management
+application or user.
diff --git a/include/crypto/block.h b/include/crypto/block.h
index e729d5bd66..fe12899831 100644
--- a/include/crypto/block.h
+++ b/include/crypto/block.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h
index bce2d4c8e4..cac90b410c 100644
--- a/include/crypto/cipher.h
+++ b/include/crypto/cipher.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 077ac7bea0..54d87aa2a1 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/init.h b/include/crypto/init.h
index f79c02266b..00e0f637ce 100644
--- a/include/crypto/init.h
+++ b/include/crypto/init.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/ivgen.h b/include/crypto/ivgen.h
index 0350cd2a93..9b4a62f7bb 100644
--- a/include/crypto/ivgen.h
+++ b/include/crypto/ivgen.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/pbkdf.h b/include/crypto/pbkdf.h
index ef209b3e03..2c31a44a27 100644
--- a/include/crypto/pbkdf.h
+++ b/include/crypto/pbkdf.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/random.h b/include/crypto/random.h
index c09998894f..325ff075d8 100644
--- a/include/crypto/random.h
+++ b/include/crypto/random.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/secret.h b/include/crypto/secret.h
index edd0e13236..5e07e29bae 100644
--- a/include/crypto/secret.h
+++ b/include/crypto/secret.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h
index 6b011e1dbc..fd7a284aa2 100644
--- a/include/crypto/tlscreds.h
+++ b/include/crypto/tlscreds.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/tlscredsanon.h b/include/crypto/tlscredsanon.h
index 4d6b7e4d29..9e9a5ce1a8 100644
--- a/include/crypto/tlscredsanon.h
+++ b/include/crypto/tlscredsanon.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/tlscredspsk.h b/include/crypto/tlscredspsk.h
index 306d36c67d..907035a29b 100644
--- a/include/crypto/tlscredspsk.h
+++ b/include/crypto/tlscredspsk.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/tlscredsx509.h b/include/crypto/tlscredsx509.h
index 66ad6a7486..e1542e5c8c 100644
--- a/include/crypto/tlscredsx509.h
+++ b/include/crypto/tlscredsx509.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/tlssession.h b/include/crypto/tlssession.h
index 1c7414e4ff..816300cdcc 100644
--- a/include/crypto/tlssession.h
+++ b/include/crypto/tlssession.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/crypto/xts.h b/include/crypto/xts.h
index 39ccaed822..f267b7824a 100644
--- a/include/crypto/xts.h
+++ b/include/crypto/xts.h
@@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of |